package com.changhai.diabetes.filter;

import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import org.apache.log4j.Logger;

import com.changhai.diabetes.model.SessionUser;
import com.changhai.diabetes.util.AjaxResultUtil;
import com.changhai.diabetes.util.Constants;
import com.changhai.diabetes.util.StringConvertor;

/**
 * 
 * @author Andy
 *
 */
public class AuthFilter implements Filter {
	private static Logger log = Logger.getLogger(AuthFilter.class);
	private static String ns_skips[];
	private static String page_login;
	private static String page_permission;
	HttpSession session = null;

	/*
	 * (non-Javadoc)
	 * 
	 * @see javax.servlet.Filter#init(javax.servlet.FilterConfig)
	 */
	@Override
	public void init(FilterConfig config) throws ServletException {
		String skipStr = config.getInitParameter(Constants.AUTH_SKIP_NS);
		ns_skips = StringConvertor.str2StrArray(skipStr, Constants.COMMA);
		page_login = config.getInitParameter(Constants.LOGIN_URL);
		page_permission = config.getInitParameter(Constants.PERMISSION_URL);
	}

	/*
	 * (non-Javadoc)
	 * 
	 * @see javax.servlet.Filter#doFilter(javax.servlet.ServletRequest,
	 * javax.servlet.ServletResponse, javax.servlet.FilterChain)
	 */
	@Override
	public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException,
			ServletException {
		HttpServletRequest hRequest = (HttpServletRequest) request;
		HttpServletResponse hResponse = (HttpServletResponse) response;
		String servletPath = hRequest.getServletPath();

		hResponse.setHeader("Pragma", "No-cache");
		hResponse.setHeader("Cache-Control", "no-cache");
		hResponse.setDateHeader("Expires", 0);

		if (log.isDebugEnabled()) {
			log.debug(servletPath + " Requested :" + hRequest.getHeader(AjaxResultUtil.HEAD_REQUEST_TYPE_PARAM));
		}

		session = hRequest.getSession();
		SessionUser sUser = (SessionUser) session.getAttribute(Constants.SESSION_USER_KEY);
		if (sUser == null || sUser.getLoginName() == null || sUser.getLoginName().trim().length() <= 0) {
			// should be auth
			for (String skip : ns_skips) {// ingore auth, up to skip config
				if (servletPath.indexOf(skip) != -1) {
					chain.doFilter(request, response);
					return;
				}
			}

			if (hRequest.getHeader(AjaxResultUtil.HEAD_REQUEST_TYPE_PARAM) != null
					&& hRequest.getHeader(AjaxResultUtil.HEAD_REQUEST_TYPE_PARAM).equalsIgnoreCase(
							AjaxResultUtil.HEAD_REQUEST_TYPE_AJAX)) {
				// response for ajax request
				AjaxResultUtil.writeAuth(hRequest, hResponse, page_login);
				return;
			}

			hResponse.sendRedirect(hRequest.getContextPath() + page_login);
			return;
		}
		chain.doFilter(request, response);
		return;

	}

	/*
	 * (non-Javadoc)
	 * 
	 * @see javax.servlet.Filter#destroy()
	 */
	@Override
	public void destroy() {

	}
}
